AppArmor does not work with audit ausearch
Bug #1646911 reported by
Vincas Dargis
This bug report is a duplicate of:
Bug #1117804: ausearch doesn't show AppArmor denial messages.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Confirmed
|
Undecided
|
Unassigned | ||
apparmor (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Hi,
Some (quite) time ago I've asked Audit developers about issue that ausearch fails to "grep" AppArmor events from audit log. For example, "ausearch -m AVC" does not return anything while "apparmor="DENIED"" messages are in the log. Actually, even "ausearch -m ALL" does not contain any AppArmor-produced messages. I've just checked on current Debian Testing (AppArmor 2.10.95) and behavior is the same.
I was informed [1] that it's actually AppArmor's problem and that this is something to do with message types that are allocated for AppArmor, but is not (properly?) used..?
[1] https:/
To post a comment you must log in.
Thanks Vincas, I thought for sure we already had a bug for this but I can't find it now.